Local User Privilege Escalation in Nokia WaveLite Products
CVE-2023-22618

7.8HIGH

Key Information:

Vendor: Nokia
Status: Wavelite Metro 200 And Fan Firmware
Vendor: CVE Published:; 4 October 2023

Summary

Nokia WaveLite products have a vulnerability that enables local users to escalate their privileges to administrative levels by manipulating web requests, particularly if security hardening guide rules are not adhered to. This flaw compromises user account integrity across several WaveLite Metro product models, creating a significant risk for network security and operational stability.

References

https://nokia.com

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Jan 4, 2023